package cn.qihua.security;

import java.io.Serializable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

import cn.qihua.model.SysUser;
import cn.qihua.service.ISystemService;
import cn.qihua.service.IUserService;

public class UserRealm extends AuthorizingRealm implements Serializable{

	/**
	 * 
	 */
	private static final long serialVersionUID = 2252787639038496787L;
	private IUserService userService;
	private ISystemService systemService;

	/** 认证 **/
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		String userName = token.getUsername();
		System.out.println("=======doGetAuthenticationInfo begin ==========");
		System.out.println("username: " + userName);
		System.out.print("password: ");
		System.out.println(token.getPassword());
		System.out.println("principal: " + token.getPrincipal());
		System.out.println("=======doGetAuthenticationInfo end ============");

		SysUser user = userService.findByUsername(userName);
		if (user == null) {
			System.out.println("用户名错误");
			throw new UnknownAccountException();// 没找到帐号
		}
		if (user.getLocked()) {
			throw new LockedAccountException(); // 帐号锁定
		}

		// 交给AuthenticatingRealm使用CredentialsMatcher进行密码匹配
		SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
				user.getUsername(), // 用户名
				user.getPassword(), // 密码
				ByteSource.Util.bytes(user.getCredentialsSalt()),// salt=username+salt
				this.getName() // realm name
		);
		Subject subject = SecurityUtils.getSubject();
		subject.getSession().setAttribute("UID", user.getId()); //把ID添加到会话备用
		return authenticationInfo;
	}

	/** 授权 **/
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principals) {
		String userName = (String) principals.getPrimaryPrincipal();
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
		authorizationInfo.setRoles(systemService.findRolesByUName(userName));
		authorizationInfo.setStringPermissions(systemService
				.findPermissionsByUName(userName));
		return authorizationInfo;
	}

	public void setUserService(IUserService userService) {
		this.userService = userService;
	}

	public void setSystemService(ISystemService systemService) {
		this.systemService = systemService;
	}

}
